Criminals such as hackers are keen to exploit wireless access points so they can maliciously steal sensitive information from or commit fraud on client devices connecting with such wireless access points. Some ways of exploiting a wireless access point is to masquerade as the wireless access point and attack client devices that connect with the “fake” wireless access point. Some of the most common attacks on client devices employed by criminals are the so-called “phishing” or the “man-in-the-middle” attacks.
A client device may comprise or represent any device used for wireless communications. Examples of client devices that may be used in certain embodiments of the invention are wireless devices such as mobile telephones, terminals, smart phones, portable computing devices such as lap tops, handheld devices, tablets, net-books, computers, personal digital assistants and other devices that can connect wirelessly to a communication network.
A wireless access point may comprise or represent any device used to wirelessly connect a client device to a communications network and provides access services to the client device. Examples of wireless access points that may be used in certain embodiments of the invention are wireless devices such as wireless local area network wireless access points, Wi-Fi access points, wireless access points, radio base stations, femto-cell base stations, cellular or mobile base stations, or any other base station or wireless access point based on second, third, fourth generation (2G/3G/4G) and beyond mobile technologies or standards (eg Global System for Mobile Communications (GSM), CDMA-2000, Universal Mobile Telecommunications System (UMTS), Worldwide Interoperability for Microwave Access (WiMAX), Long Term Evolution (LTE), LTE Advanced).
A phishing attack typically involves an “attacker” attempting to acquire sensitive information from users of client devices such as usernames, passwords, credit card details by masquerading as a trustworthy entity (eg a wireless access point such as a cellular base station) in a communication network. Such a trustworthy entity may be a cellular base station for a mobile telecommunications network or even a known Wi-Fi access point of a wireless local area network. In any event, the attacker may masquerade as a legitimate wireless access point using their own wireless access point (eg a rogue or “fake” wireless access point). The user of the client device when connecting to the wireless access point is fooled into connecting their client device to the “fake” wireless access point instead of the trustworthy or legitimate wireless access point and thus an attacker may gain access to sensitive information.
A man-in-the-middle attack is a form of eavesdropping in which an “attacker” makes independent connections with a user's client device and acts as a relay between the client device and a trustworthy entity, such as a wireless access point or even another client device over a communication network. The attacker can then control or eavesdrop on the user's communication session over the communication network. In these attacks, the attacker must be able to intercept all messages into and out of the client device, and can inject new false messages into the communication session. This can be particularly straightforward when the attacker is within the reception range of an unencrypted wireless access point.
A suspect wireless access point may comprise or represent any wireless access point with a reputation that is regarded as, but is not limited to, unknown, suspect, untrusted, untrustworthy, blacklisted, potentially rogue or rogue.
In another example, when mobile telephones connect with a wireless access point such as a base station of a mobile operator an authentication key is retrieved from the mobile operator's network. This is used to allow a secure communications session to be set up. However, the user of the mobile telephone is usually unaware of the identity of any of the mobile operator's base stations. They simply trust that the base station the mobile telephone connects with is their mobile operators. Hackers can use their own base station and masquerade as a legitimate base station such that the user of the mobile telephone unwittingly connects with the hacker's base station, which acts as a relay between the mobile operator and the mobile telephone. This would allow hackers to eavesdrop on packets passed between the mobile telephone and the network operator or even gain root access to the mobile telephone. They could also retrieve the secret keys used to secure the communications session, which would allow the hacker to listen to other people's mobile telephone calls, or make mobile telephone calls in their name, and access their voicemails. As femto-cell base stations become increasingly popular, almost anyone could build a cheap call interception device that can be used against the subscribers of a mobile operator in a “phishing”, “man-in-the-middle”, or any other malicious attack.
Conventionally, client devices such as mobile phones simply show a mobile operators name on the device screen. This only notifies the user that they are connected to the mobile operators network, nothing more. There is no indication as to the trustworthiness of the base station they are using to access the mobile operators network. The base station could in fact be a “fake” wireless access point that is being used to perform a “man-in-the-middle” attack. Other client devices such as laptops may execute a network connection application to assist in wirelessly connecting the client device to a public Wi-Fi access point in a café or an airport. Typically this kind of application may provide a general warning to the user of the client device about the dangers of connecting to a public Wi-Fi access point, but little else is provided in guiding the user to make a decision as to whether the Wi-Fi access point is trustworthy or not.
As mentioned above, rogue or “fake” wireless access points are a serious problem for client devices connecting wirelessly to communication networks. Although there are plenty of solutions for the problem of detecting suspect wireless access points in corporate infrastructure, there are no publicly known solutions for the problem of detecting suspect or rogue wireless access points in homes, cafes, airports, etc, where users of client devices may unwittingly connect to the wireless access point and get maliciously attacked by a phishing or targeted man-in-the-middle attack.